[Snort-users] MySQL support for Snort 2.9.4

waldo kitty wkitty42 at ...14940...
Wed Dec 12 11:36:47 EST 2012


On 12/12/2012 09:49, Russ Combs wrote:
> On Wed, Dec 12, 2012 at 9:32 AM, waldo kitty <wkitty42 at ...14940...> wrote:
>     On 12/11/2012 17:08, Kaya Saman wrote:
>      > Starting Snort does give me a few warnings:
>      >
>      > Running in IDS mode
>      >
>      > --== Initializing Snort ==--
>      > Initializing Output Plugins!
>     [...]
>      > pcap DAQ configured to passive.
>      > Acquiring network traffic from "trunk0".
>      > Reload thread starting...
>      > Reload thread started, thread 0x205d9a600 (18685)
>
>     pretty much ok to here...
>
>      > Decoding Ethernet
>
>     this bothers me... why? because it seems to indicate that only ethernet is being
>     sniffed and not tcp/ip...
>
> FYI - this is just an indication of the outermost layer decoder (the datalink
> type obtained from the DAQ).  Snort can handle others, but Ethernet will be the
> most common.

ahhh... ok... i'm so used to seeing "Decoding 'ANY' on interface foo"... there 
are literally thousands of those still running out there ;)
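The point made above, that the "Decoding ..." line only names the outermost (datalink) layer of the capture source, shown as an added example that is not part of this thread or of Snort's code. It reads the link-layer type from a pcap file header instead of asking the DAQ; the function names and both sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed 24-byte pcap global headers (no packets follow). */
const uint8_t SAMPLE_ETH_LE[24] = {            /* little-endian writer, Ethernet */
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x01,0x00,0x00,0x00 };
const uint8_t SAMPLE_SLL_BE[24] = {            /* big-endian writer, Linux cooked */
    0xa1,0xb2,0xc3,0xd4, 0x00,0x02,0x00,0x04, 0,0,0,0, 0,0,0,0,
    0x00,0x00,0xff,0xff, 0x00,0x00,0x00,0x71 };

/* A few values from the public pcap LINKTYPE_ registry. */
const char *linktype_name(uint32_t lt) {
    switch (lt) {
    case 0:   return "BSD loopback";
    case 1:   return "Ethernet";
    case 101: return "Raw IP";
    case 105: return "IEEE 802.11";
    case 113: return "Linux cooked (SLL)";
    default:  return "unknown";
    }
}

static uint32_t rd32(const uint8_t *p, int big) {
    return big ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
               : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Returns 0 and stores the outer link type, or -1 if the header is
 * truncated or the magic number is not a pcap magic. */
int pcap_outer_linktype(const uint8_t *hdr, size_t len, uint32_t *linktype) {
    int big;
    if (len < 24) return -1;
    uint32_t magic = rd32(hdr, 1);             /* magic tells us the byte order */
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du) big = 1;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u) big = 0;
    else return -1;
    /* Link type is in the low bits; upper bits may carry FCS information. */
    *linktype = rd32(hdr + 20, big) & 0xffffu;
    return 0;
}

int main(void) {
    uint32_t lt;
    if (pcap_outer_linktype(SAMPLE_ETH_LE, sizeof SAMPLE_ETH_LE, &lt) == 0)
        printf("outermost layer: %s\n", linktype_name(lt));
    return 0;
}
```

An Ethernet link type here says nothing about whether IP, TCP or UDP are decoded; those layers are parsed from inside each frame.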




